Package Instance
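Look up vulnerable packages by Package URL (purl). Note when reading the response below: `next_non_vulnerable_version` (3.2.3) is lower than the queried version (4.2.1), and all but one of the listed vulnerabilities have an empty `fixed_packages` list, so confirm fix versions against the linked advisories before choosing an upgrade target.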
GET /api/packages/55240?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55240?format=api", "purl": "pkg:composer/intelliants/subrion@4.2.1", "type": "composer", "namespace": "intelliants", "name": "subrion", "version": "4.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.3", "latest_non_vulnerable_version": "4.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16418?format=api", "vulnerability_id": "VCID-3bwe-5b6b-a7e2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSubrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42778", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14835" }, { "reference_url": "https://github.com/intelliants/subrion/issues/760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/760" }, { "reference_url": "https://github.com/intelliants/subrion/pull/763/commits", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/pull/763/commits" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14835", "reference_id": "CVE-2018-14835", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14835" }, { "reference_url": "https://github.com/advisories/GHSA-c8mg-wp7h-f2pf", "reference_id": "GHSA-c8mg-wp7h-f2pf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c8mg-wp7h-f2pf" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14835", "GHSA-c8mg-wp7h-f2pf" ], "risk_score": null, "exploitability": 
null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bwe-5b6b-a7e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18510?format=api", "vulnerability_id": "VCID-3h1n-dvmt-5qhz", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50662", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43830" }, { "reference_url": "https://github.com/al3zx/xss_financial_subrion_4.2.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/al3zx/xss_financial_subrion_4.2.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43830", "reference_id": "CVE-2023-43830", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43830" }, { "reference_url": "https://github.com/advisories/GHSA-q832-2275-rfqh", "reference_id": "GHSA-q832-2275-rfqh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q832-2275-rfqh" } ], "fixed_packages": [], "aliases": [ "CVE-2023-43830", "GHSA-q832-2275-rfqh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3h1n-dvmt-5qhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18666?format=api", "vulnerability_id": "VCID-3hbd-spm4-2kaz", "summary": "Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting')\nMultiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.026", "scoring_system": "epss", "scoring_elements": "0.85872", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43875" }, { "reference_url": "https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md" }, { "reference_url": "https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43875", "reference_id": "CVE-2023-43875", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43875" }, { "reference_url": "https://github.com/advisories/GHSA-646r-8fcc-p82r", "reference_id": "GHSA-646r-8fcc-p82r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-646r-8fcc-p82r" } ], "fixed_packages": [], "aliases": [ "CVE-2023-43875", "GHSA-646r-8fcc-p82r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hbd-spm4-2kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148410?format=api", "vulnerability_id": "VCID-44kx-4nnh-4bdf", "summary": "", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2019-7357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01618", "scoring_system": "epss", "scoring_elements": "0.82122", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7357" }, { "reference_url": "https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7357", "reference_id": "CVE-2019-7357", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7357" }, { "reference_url": "https://github.com/advisories/GHSA-5mh2-82g9-72jv", "reference_id": "GHSA-5mh2-82g9-72jv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mh2-82g9-72jv" } ], "fixed_packages": [], "aliases": [ "CVE-2019-7357", "GHSA-5mh2-82g9-72jv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44kx-4nnh-4bdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13899?format=api", "vulnerability_id": "VCID-51fa-htgd-pkd7", "summary": "Cross-site Scripting\nCross-Site Scripting (XSS) vulnerability in Subrion via the title when adding a page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42096", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22330" }, { "reference_url": "https://github.com/intelliants/subrion/commit/06950c2f9c4aa69e323cbdd141beabb6a9273ca4", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/commit/06950c2f9c4aa69e323cbdd141beabb6a9273ca4" }, { "reference_url": "https://github.com/intelliants/subrion/commit/0e9180d2330a00b1ce8e7ec2e92e0a4e0612f1a9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/commit/0e9180d2330a00b1ce8e7ec2e92e0a4e0612f1a9" }, { "reference_url": "https://github.com/intelliants/subrion/issues/850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22330", "reference_id": "CVE-2020-22330", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22330" }, { "reference_url": "https://github.com/advisories/GHSA-jj94-j4r3-5gr4", "reference_id": "GHSA-jj94-j4r3-5gr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jj94-j4r3-5gr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61667?format=api", "purl": "pkg:composer/intelliants/subrion@4.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.2" } ], "aliases": [ "CVE-2020-22330", "GHSA-jj94-j4r3-5gr4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51fa-htgd-pkd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12966?format=api", "vulnerability_id": "VCID-7yej-24pb-d3dm", "summary": "Cross-site Scripting\n`_core/admin/pages/add/` in Subrion CMS has XSS via the `titles[en]` parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15563", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47421", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15563" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15563", "reference_id": "CVE-2018-15563", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15563" } ], "fixed_packages": [], "aliases": [ "CVE-2018-15563" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yej-24pb-d3dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12857?format=api", "vulnerability_id": "VCID-8g7b-wfgz-77f1", "summary": "Cross-site Scripting\n`uploads/.htaccess` in Subrion CMS allows XSS because it does not block `.html` file uploads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03066", "scoring_system": "epss", "scoring_elements": "0.86966", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14840" }, { "reference_url": "https://www.exploit-db.com/exploits/45150/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45150/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14840", "reference_id": "CVE-2018-14840", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14840" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8g7b-wfgz-77f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13834?format=api", "vulnerability_id": "VCID-8gvw-wym4-qufa", "summary": "SQL Injection vulnerability in Subrion CMS v4.2.1 in the 
search page if a website uses a PDO connection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49643", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18155" }, { "reference_url": "https://github.com/intelliants/subrion/issues/817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/817" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18155", "reference_id": "CVE-2020-18155", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18155" }, { "reference_url": "https://github.com/advisories/GHSA-7q44-gfvq-6g93", "reference_id": "GHSA-7q44-gfvq-6g93", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7q44-gfvq-6g93" } ], "fixed_packages": [], "aliases": [ "CVE-2020-18155", "GHSA-7q44-gfvq-6g93" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvw-wym4-qufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14028?format=api", "vulnerability_id": "VCID-94z6-as1s-pkem", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40114", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22392" }, { "reference_url": "https://github.com/intelliants/subrion/issues/868", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/868" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22392", "reference_id": "CVE-2020-22392", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22392" }, { "reference_url": "https://github.com/advisories/GHSA-hxj6-v58r-cqv3", "reference_id": "GHSA-hxj6-v58r-cqv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hxj6-v58r-cqv3" } ], "fixed_packages": [], "aliases": [ "CVE-2020-22392", "GHSA-hxj6-v58r-cqv3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94z6-as1s-pkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206270?format=api", "vulnerability_id": "VCID-9fac-c1gc-jbft", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71746", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43121" }, { "reference_url": "https://github.com/intelliants/subrion/issues/895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/895" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43121", "reference_id": "CVE-2022-43121", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43121" }, { "reference_url": "https://github.com/advisories/GHSA-jrvr-gmqv-hgrh", "reference_id": "GHSA-jrvr-gmqv-hgrh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jrvr-gmqv-hgrh" } ], "fixed_packages": [], "aliases": [ "CVE-2022-43121", "GHSA-jrvr-gmqv-hgrh" ], "risk_score": 
null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fac-c1gc-jbft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206269?format=api", "vulnerability_id": "VCID-9hkc-qw4n-t7at", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70546", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43120" }, { "reference_url": "https://github.com/intelliants/subrion/issues/894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/894" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43120", "reference_id": "CVE-2022-43120", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43120" }, { "reference_url": "https://github.com/advisories/GHSA-3wmg-28v9-8hf6", "reference_id": "GHSA-3wmg-28v9-8hf6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3wmg-28v9-8hf6" } ], "fixed_packages": [], "aliases": [ "CVE-2022-43120", "GHSA-3wmg-28v9-8hf6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hkc-qw4n-t7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18756?format=api", "vulnerability_id": "VCID-abws-hvpw-myfy", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nSubrion 4.2.1 has a remote command execution vulnerability in the backend.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46947", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.01861", "scoring_system": "epss", "scoring_elements": "0.83383", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46947" }, { "reference_url": "https://github.com/intelliants/subrion/issues/909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/909" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46947", "reference_id": "CVE-2023-46947", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46947" }, { "reference_url": "https://github.com/advisories/GHSA-2x28-c7j7-23gv", "reference_id": "GHSA-2x28-c7j7-23gv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2x28-c7j7-23gv" } ], "fixed_packages": [], "aliases": [ "CVE-2023-46947", "GHSA-2x28-c7j7-23gv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abws-hvpw-myfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16522?format=api", "vulnerability_id": "VCID-by36-7n26-g7cc", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\npanel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55426", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16629" }, { "reference_url": "https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385" }, { "reference_url": 
"https://github.com/intelliants/subrion/issues/777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/777" }, { "reference_url": "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16629", "reference_id": "CVE-2018-16629", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16629" }, { "reference_url": "https://github.com/advisories/GHSA-mxv3-qcmf-r6wj", "reference_id": "GHSA-mxv3-qcmf-r6wj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mxv3-qcmf-r6wj" } ], "fixed_packages": [], "aliases": [ "CVE-2018-16629", "GHSA-mxv3-qcmf-r6wj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by36-7n26-g7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12910?format=api", "vulnerability_id": "VCID-cjhs-mtaa-7kdb", "summary": "Cross-site Scripting\nThere is Stored XSS in Subrion via the admin panel URL configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44499", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16327" }, { "reference_url": "https://github.com/intelliants/subrion/issues/771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/771" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16327", "reference_id": "CVE-2018-16327", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-16327" } ], "fixed_packages": [], "aliases": [ "CVE-2018-16327" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjhs-mtaa-7kdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15192?format=api", "vulnerability_id": "VCID-ekj6-hqpd-5ybq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01709", "scoring_system": "epss", "scoring_elements": "0.82644", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18325" }, { "reference_url": "https://github.com/hamm0nz/CVE-2020-18325", "reference_id": "CVE-2020-18325", "reference_type": "", "scores": [], "url": "https://github.com/hamm0nz/CVE-2020-18325" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18325", "reference_id": "CVE-2020-18325", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18325" }, { "reference_url": "https://github.com/advisories/GHSA-pcwq-7wrw-r8jv", "reference_id": "GHSA-pcwq-7wrw-r8jv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcwq-7wrw-r8jv" } ], "fixed_packages": [], "aliases": [ "CVE-2020-18325", "GHSA-pcwq-7wrw-r8jv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekj6-hqpd-5ybq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15650?format=api", "vulnerability_id": "VCID-fc5n-dcez-93fn",
"summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA cross-site scripting (XSS) vulnerability exists in the \"contact us\" plugin for Subrion CMS <= 4.2.1 version via \"List of subjects\".", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40876", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41948" }, { "reference_url": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41948", "reference_id": "CVE-2021-41948", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41948" }, { "reference_url": "https://github.com/advisories/GHSA-jv64-2m3x-6v4q", "reference_id": "GHSA-jv64-2m3x-6v4q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jv64-2m3x-6v4q" } ], "fixed_packages": [], "aliases": [ "CVE-2021-41948", "GHSA-jv64-2m3x-6v4q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fc5n-dcez-93fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201832?format=api", "vulnerability_id": "VCID-gmvv-sz8z-ebgp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49214", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37059" 
}, { "reference_url": "https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing", "reference_id": "", "reference_type": "", "scores": [], "url": "https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37059", "reference_id": "CVE-2022-37059", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37059" }, { "reference_url": "https://github.com/advisories/GHSA-rh4r-9689-6xw4", "reference_id": "GHSA-rh4r-9689-6xw4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh4r-9689-6xw4" } ], "fixed_packages": [], "aliases": [ "CVE-2022-37059", "GHSA-rh4r-9689-6xw4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmvv-sz8z-ebgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183538?format=api", "vulnerability_id": "VCID-hay9-1wuc-s3b1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42778", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41502" }, { "reference_url": "https://github.com/intelliants/subrion/issues/885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41502", "reference_id": "CVE-2021-41502", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41502" }, { "reference_url": "https://github.com/advisories/GHSA-jvq4-cgfw-jgf4", "reference_id": "GHSA-jvq4-cgfw-jgf4", "reference_type": "", "scores": 
[ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvq4-cgfw-jgf4" } ], "fixed_packages": [], "aliases": [ "CVE-2021-41502", "GHSA-jvq4-cgfw-jgf4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hay9-1wuc-s3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19545?format=api", "vulnerability_id": "VCID-j2eh-myxv-abbm", "summary": "Subrion CMS vulnerable to SQL Injection\nSubrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65958", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25400" }, { "reference_url": "https://cwe.mitre.org/data/definitions/89.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "reference_url": "https://github.com/intelliants/subrion", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion" }, { "reference_url": "https://github.com/intelliants/subrion/issues/910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/910" }, { "reference_url": "https://subrion.org", "reference_id": "", "reference_type": "", "scores": [], "url": "https://subrion.org" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25400", "reference_id": "CVE-2024-25400", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25400" }, { "reference_url": "https://github.com/advisories/GHSA-xxf8-fpmr-fw7v", "reference_id": "GHSA-xxf8-fpmr-fw7v", "reference_type": "", "scores": [ { 
"value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxf8-fpmr-fw7v" } ], "fixed_packages": [], "aliases": [ "CVE-2024-25400", "GHSA-xxf8-fpmr-fw7v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2eh-myxv-abbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22388?format=api", "vulnerability_id": "VCID-j8ge-mhfk-ebd9", "summary": "Subrion CMS vulnerable to cross-site scripting\nMultiple reflected Cross-site Scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-70958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04203", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-70958" }, { "reference_url": "https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt" }, { "reference_url": "https://github.com/intelliants/subrion", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70958", "reference_id": "CVE-2025-70958", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70958" }, { "reference_url": "https://github.com/advisories/GHSA-9jjm-mc56-3qxv", "reference_id": "GHSA-9jjm-mc56-3qxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9jjm-mc56-3qxv" } ], "fixed_packages": [], "aliases": [ "CVE-2025-70958", "GHSA-9jjm-mc56-3qxv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8ge-mhfk-ebd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18518?format=api", "vulnerability_id": "VCID-jqzh-mw8h-23bv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50662", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43828" }, { "reference_url": "https://github.com/al3zx/xss_languages_subrion_4.2.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/al3zx/xss_languages_subrion_4.2.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43828", "reference_id": "CVE-2023-43828", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43828" } ], "fixed_packages": [], "aliases": [ "CVE-2023-43828" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqzh-mw8h-23bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/158342?format=api", "vulnerability_id": "VCID-ng2d-pg2s-2fac", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23761", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61069", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23761" }, { "reference_url": "https://subrion.org", "reference_id": "", "reference_type": "", "scores": [], "url": "https://subrion.org" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23761", "reference_id": "CVE-2020-23761", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23761" }, { "reference_url": "http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version", "reference_id": "CVE-2020-23761-STORED-XSS-VULNERABILITY-IN-SUBRION-CMS-VERSION", "reference_type": "", "scores": [], "url": "http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version" }, { "reference_url": "https://github.com/advisories/GHSA-xhc3-5pgf-p576", "reference_id": "GHSA-xhc3-5pgf-p576", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xhc3-5pgf-p576" } ], "fixed_packages": [], "aliases": [ "CVE-2020-23761", "GHSA-xhc3-5pgf-p576" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ng2d-pg2s-2fac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15451?format=api", "vulnerability_id": "VCID-ngpm-xvdu-sybs", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00782", 
"scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43464" }, { "reference_url": "https://github.com/intelliants/subrion/issues/888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43464", "reference_id": "CVE-2021-43464", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43464" }, { "reference_url": "https://github.com/advisories/GHSA-g54x-29xv-58h5", "reference_id": "GHSA-g54x-29xv-58h5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g54x-29xv-58h5" } ], "fixed_packages": [], "aliases": [ "CVE-2021-43464", "GHSA-g54x-29xv-58h5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngpm-xvdu-sybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18532?format=api", "vulnerability_id": "VCID-qwxk-wzqe-7kdp", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39903", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43884" }, { "reference_url": "https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43884", "reference_id": "CVE-2023-43884", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43884" } ], "fixed_packages": [], "aliases": [ "CVE-2023-43884" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwxk-wzqe-7kdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16241?format=api", "vulnerability_id": "VCID-r136-w6fm-t7fc", "summary": "Unrestricted Upload of File with Dangerous Type\n/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html" }, { "reference_url": "http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84263", "scoring_system": "epss", "scoring_elements": "0.99328", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19422" }, { "reference_url": "https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab" }, { 
"reference_url": "https://github.com/intelliants/subrion/issues/801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion/issues/801" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19422", "reference_id": "CVE-2018-19422", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19422" }, { "reference_url": "https://github.com/advisories/GHSA-73xj-v6gc-g5p5", "reference_id": "GHSA-73xj-v6gc-g5p5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73xj-v6gc-g5p5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61667?format=api", "purl": "pkg:composer/intelliants/subrion@4.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.2" } ], "aliases": [ "CVE-2018-19422", "GHSA-73xj-v6gc-g5p5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r136-w6fm-t7fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19556?format=api", "vulnerability_id": "VCID-s1ez-jft2-tydn", "summary": "Subrion CMS vulnerable to Cross Site Scripting\nSubrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47933", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25399" }, { "reference_url": "https://cwe.mitre.org/data/definitions/79", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/79" }, { "reference_url": 
"https://github.com/intelliants/subrion", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/intelliants/subrion" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25399", "reference_id": "CVE-2024-25399", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25399" }, { "reference_url": "https://github.com/advisories/GHSA-q4qh-8pxw-r48q", "reference_id": "GHSA-q4qh-8pxw-r48q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4qh-8pxw-r48q" } ], "fixed_packages": [], "aliases": [ "CVE-2024-25399", "GHSA-q4qh-8pxw-r48q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1ez-jft2-tydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15194?format=api", "vulnerability_id": "VCID-sqbf-5a82-yucu", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.", "references": [ { "reference_url": "http://intelliants.com", "reference_id": "", "reference_type": "", "scores": [], "url": "http://intelliants.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06672", "scoring_system": "epss", "scoring_elements": "0.9137", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18324" }, { "reference_url": "http://subrion.com", "reference_id": "", "reference_type": "", "scores": [], "url": "http://subrion.com" }, { "reference_url": "https://github.com/hamm0nz/CVE-2020-18324", "reference_id": "CVE-2020-18324", "reference_type": "", "scores": [], "url": 
"https://github.com/hamm0nz/CVE-2020-18324" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18324", "reference_id": "CVE-2020-18324", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18324" }, { "reference_url": "https://github.com/advisories/GHSA-xj7h-g7rh-gjcw", "reference_id": "GHSA-xj7h-g7rh-gjcw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj7h-g7rh-gjcw" } ], "fixed_packages": [], "aliases": [ "CVE-2020-18324", "GHSA-xj7h-g7rh-gjcw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqbf-5a82-yucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15195?format=api", "vulnerability_id": "VCID-vzeg-42da-euej", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0164", "scoring_system": "epss", "scoring_elements": "0.82255", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18326" }, { "reference_url": "https://github.com/hamm0nz/CVE-2020-18326", "reference_id": "CVE-2020-18326", "reference_type": "", "scores": [], "url": "https://github.com/hamm0nz/CVE-2020-18326" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18326", "reference_id": "CVE-2020-18326", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18326" }, { "reference_url": 
"https://github.com/advisories/GHSA-9cc3-5w85-pxvx", "reference_id": "GHSA-9cc3-5w85-pxvx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cc3-5w85-pxvx" } ], "fixed_packages": [], "aliases": [ "CVE-2020-18326", "GHSA-9cc3-5w85-pxvx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzeg-42da-euej" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1" }